<?
	include "../db.php";

	extract($_POST);

	session_start();
	
	$query_login = "select * from login where username = '$txt_username_email' || email = '$txt_username_email'";

	$result_login = mysql_query($query_login);

	if($result_login)
	{
		$row = mysql_fetch_assoc($result_login);
		$username = $row['username'];
		$category = $row['category'];
		$query_pwd = "select password from $category where username = '$username'";
		$result_pwd = mysql_query($query_pwd);
		$rows_pwd = mysql_fetch_assoc($result_pwd); 
		if($rows_pwd['password'] == $txt_password)
		{
			$_SESSION['username'] = $row['username'];
			$_SESSION['category'] = $row['category'];
			$_SESSION['user_id'] = $row['id'];
			header("location:../$category/profile.php?username=$username");
		}
		else
			header("location:login.php?msg=incorrect password!!!");
	}
	else
	{
		//$abcd = mysql_error();
		$msg1 = mysql_error();
		header("location:login.php?msg=incorrect username/password!!!&msg12=$msg1");
		
	}
?>
